written 8.5 years ago
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA's Privacy Rule establishes regulations for the use and disclosure of protected health information (PHI) in the healthcare field to protect patient privacy.
PHI is any information held by a covered entity that concerns health status, provision of healthcare, or payment for healthcare that can be linked to an individual.
HIPAA establishes mandatory regulations that require extensive changes to the way that health providers conduct business.
HIPAA requires the following entities to comply:
1. Health Care Providers: Any provider of medical or other health services that bills or is paid for healthcare in the normal course of business. Health care includes preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care, and counselling, services, assessment, or procedure with respect to the physical or mental condition, or functional status, of an individual.
2. Health Care Clearinghouse: Businesses that process or facilitate the processing of health information received from other businesses. It includes groups such as physician and hospital billing services.
3. Health Plans: Individual or group plans that provide or pay the cost of medical care, including both Medicare and Medicaid programs.
A patient has the right to submit a complaint if they:
- Believe that the health provider has improperly used or disclosed their PHI
- Have concerns about the provider's HIPAA privacy policies
- Have concerns about the provider's compliance with its privacy policies
- PHI has been interpreted to include any part of an individual's medical record (EMR) or payment history, but HIPAA specifies the 18 PHI identifiers in the following list:
  1. Names
  2. All geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code and their individual geocodes
  3. Dates (except year) directly related to an individual, including birth date, admission date, discharge date, and date of death
  4. Phone numbers
  5. Fax numbers
  6. Electronic mail addresses
  7. Social security numbers
  8. Medical record numbers
  9. Health plan beneficiary numbers
  10. Account numbers
  11. Certificate numbers
  12. Vehicle identifiers and serial numbers, including license plate numbers
  13. Device identifiers and serial numbers
  14. Web universal resource locators (URLs)
  15. Internet protocol address numbers
  16. Biometric identifiers, including finger and voice prints
  17. Full-face photographic images and any comparable images
  18. Any other unique identifying number, characteristic or code
- The Health Information Technology for Economic and Clinical Health Act (HITECH Act) of 2009 modifies the applicability of the HIPAA security and privacy regulations that govern health-related information as follows:
  - Business associates of HIPAA-covered entities are now independently subject to HIPAA.
  - Business associates are now subject to the same civil and criminal penalties as covered entities.
  - Requirements for notification of unsecured data breaches have been added.